Many devices have been proposed for detecting intrusion or malicious traffic in networks. However, these devices are limited in their functionality: they do not support mobile network environments such as GSM, WCDMA, and CDMA; they cannot automatically recognize the identity of the mobile subscribers generating or receiving malicious traffic; and they do not offer any notification mechanism to the mobile subscribers.
Malicious traffic can originate from different sources such as viruses, worms, Trojan horses, spyware, adware, other malicious programs, and hackers/crackers.
A virus is a computer program that attaches itself to a program or email so that it can spread from computer to computer. A virus must execute and replicate itself. Some examples of email viruses are MyDoom, LoveLetter, etc.
A worm is a computer program that replicates itself from computer to computer without a transport file or email. A worm usually spreads by using a network or system vulnerability without the knowledge of the user.
A Trojan horse is a program that claims to be legitimate but actually compromises the security of the system by leaving a backdoor open. The backdoor can then be used by hackers to intrude into and control the system.
The line between a virus and a worm is sometimes blurred, but viruses and worms share common goals: to spread from system to system and reach a maximum number of targets, to overload systems and networks, and eventually to cause damage to systems. The goal of the Trojan horse is to compromise the system for remote control and malicious activities.
Spyware is a broad category of malicious software. Those who write and deliberately spread spyware intend to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. Spyware differs from viruses and worms in that it does not self-replicate. Like many recent viruses, spyware is designed to exploit infected computers for commercial gain.
The term adware refers to any software which displays advertisements, whether or not it does so with the user's consent. Adware programs differ from spyware in that they do not invisibly collect and upload activity records or personal information when the user of the computer does not expect or approve of the transfer.
The hacker or cracker generates malicious code to intrude into systems.
Mobile data networks such as GPRS, CDMA 1×, UMTS, etc., transport malicious traffic which is sent by mobile subscribers. The problem with viruses and worms is that they cannot be stopped from spreading unless the host computer is cleaned. In the current situation, there is no existing system able to identify the infected user in the mobile network. Consequently, an infection can remain undiscovered until the user realizes he/she is infected by a virus and cleans the computer of the infection.
Additionally, there is a big difference between fixed and mobile/wireless IP networks: mobile/wireless IP networks have a bandwidth limitation, and the air interface and routing equipment (e.g., BSC, SGSN, GGSN, PDSN, etc.) are much more expensive than fixed internet IP routers.
GPRS/WCDMA/CDMA1× laptops are infected by mobile subscribers who send malicious programs that cripple IP networks with dangerous and high-load traffic. Additionally, some systems are infected by Trojan horses that can allow the system to be remotely controlled and generate even more malicious traffic on the network.
In the future, mobile phone viruses will pose the same threats to the network as those created by viruses on GPRS laptops.